Stop bot traffic
in 3 minutes.
Real-time scoring for every visitor — powered by fingerprinting, ASN reputation, and cross-client threat intelligence. Drop-in PHP, WordPress plugin, or one API call.
The 5-Layer Detection Pipeline
Every request passes through five independent signals before a verdict is issued. All run in under 50 milliseconds.
Tor & VPN
Cross-reference the live Tor exit-node list and 40+ commercial VPN provider ranges.
InstantDatacenter ASNs
AWS, GCP, Azure, DigitalOcean, OVH + 200 more — real users don't browse from datacenters.
50k+ rangesGlobal Blacklist
1.5M+ known-bad IPs and CIDR ranges, refreshed every hour via cross-client threat sharing.
HourlyUA & Headers
Headless browsers, automation frameworks, and header-order anomalies flagged in microseconds.
HeuristicBrowser Fingerprint
Canvas, WebGL, audio, fonts, behavior — 90+ signals composed into one ML risk score.
ML scoringSee It In Action
Check any IP address against the full ZeroBot pipeline. No signup required.
—
—Composite ML Scoring Engine
Each signal produces an independent score. A Bayesian model combines them into one final verdict, tunable to your tolerance for false positives.
No single signal is ever the final word.
Most anti-bot services block based on hard rules — one IP match and you're out, even if you're a legitimate VPN user. ZeroBot weighs every signal, cross-validates them, and only decides when the combined evidence passes your configured threshold.
- Per-signal reputation decay. Old flags weigh less than new ones.
- Cross-client learning. A blacklist hit on one customer strengthens detection for all.
- Calibrated to your traffic. Set a tolerance: 60 for aggressive, 80 for strict, 40 for lenient.
- Full signal breakdown. Every blocked request logs the exact signals that triggered it.
Example Request · Score 72 / 100
How much is bot traffic costing you?
Enter a couple of numbers and see what ZeroBot saves per month.
One API call. Zero DNS changes.
Check a visitor in any language. No SDK install, no proxy setup, no annual contract.
# Check any visitor against the pipeline curl "https://api.zerobot.info/v3/openapi" \ --data-urlencode "license=YOUR_LICENSE_KEY" \ --data-urlencode "ip=$CLIENT_IP" \ --data-urlencode "domain=yoursite.com" \ --data-urlencode "useragent=$HTTP_UA" # Returns JSON: # { "is_bot": false, "reason": "Clean", "risk_score": 4, "country_code": "US" }
<?php $response = file_get_contents('https://api.zerobot.info/v3/openapi?' . http_build_query([ 'license' => YOUR_LICENSE_KEY, 'ip' => $_SERVER['REMOTE_ADDR'], 'domain' => 'yoursite.com', 'useragent' => $_SERVER['HTTP_USER_AGENT'] ?? '', ])); $data = json_decode($response, true); if ($data['is_bot']) { http_response_code(403); exit('Blocked: ' . $data['reason']); }
const res = await fetch('https://api.zerobot.info/v3/openapi?' + new URLSearchParams({ license: process.env.ZEROBOT_KEY, ip: req.ip, domain: 'yoursite.com', useragent: req.headers['user-agent'] || '', })); const data = await res.json(); if (data.is_bot) { res.status(403).send(`Blocked: ${data.reason}`); }
# Install once. Zero code. 1. Plugins → Add New → Upload "zerobot-security.zip" 2. Activate 3. ZeroBot → License → paste your key 4. Protection → flip master switch ON Firewall, Login Guard, Comment Guard, REST API Guard, XML-RPC Guard, and Browser Fingerprint run automatically.
Enterprise-grade security you can verify
Your visitors' data never leaves what's necessary for detection. No selling, no tracking.
GDPR Ready
EU-hosted infra. DPA on request.
SOC 2 Pending
Type I audit in progress.
99.99% Uptime
Multi-region, automatic failover.
TLS 1.3
Every request encrypted end-to-end.
Data Sovereignty
No third-party data sharing.
24/7 Support
Email + chat, priority on paid plans.
Protect any stack in minutes
A native WordPress plugin, copy-paste snippets for every major server language, and a REST API for everything else. Same backend, same scoring engine, one API call.
WordPress plugin
One-click install from WordPress.org. Six protection layers, dashboard, and threat logs in your wp-admin — zero code.
Read the guide →PHP drop-in
Single file, one require. Works on shared hosts, custom themes, Laravel, CodeIgniter — any PHP 7.4+ backend.
Node.js / Next.js
Express middleware, Fastify hook, or Next.js Edge Runtime. Async, zero dependencies, ready for Vercel or self-host.
Read the guide →Python
Flask decorator, Django middleware, or FastAPI dependency. Under 30 lines with only requests / httpx.
cURL & REST
Protocol-level reference with Go, Ruby, and Rust examples. Drop into any stack that can make an HTTP request.
Read the guide →Full API reference
Every endpoint, every parameter, every response shape — plus a built-in interactive tester. The source of truth.
Open the reference →ZeroBot vs the market
Detailed per-vendor breakdowns with pricing and feature tables.
What teams say
"We replaced three separate tools — a WAF, a captcha, and a proxy scrubber — with ZeroBot alone. Invoice went from $450 to $49/mo."
"The WordPress plugin took 4 minutes to install and immediately cut spam comments to zero. The dashboard is the clearest I've used."
"The API is exactly what a developer-first product should look like. One call, predictable JSON, never once flaky in 6 months."
Pay for what you protect
No contracts. Cancel from the dashboard anytime.
- 5 Domains
- Unlimited IP Quota
- Traffic Verification
- Captcha Features
- Shortener Service
- White & Black List Manager
- Simple Configuration
- Email Support
- 10 Domains
- Unlimited IP Quota
- Traffic Verification
- Captcha Features
- Shortener Service
- White & Black List Manager
- Simple Configuration
- Email Support
- 20 Domains
- Unlimited IP Quota
- Traffic Verification
- Captcha Features
- Shortener Service
- White & Black List Manager
- Simple Configuration
- Email Support
- 40 Domains
- Unlimited IP Quota
- Traffic Verification
- Captcha Features
- Shortener Service
- White & Black List Manager
- Simple Configuration
- Email Support
- 80 Domains
- Unlimited IP Quota
- Traffic Verification
- Captcha Features
- Shortener Service
- White & Black List Manager
- Simple Configuration
- Email Support
Frequently asked questions
Under 3 minutes for WordPress (plugin install + license paste). About 5 minutes for custom PHP / Node (one API call in your request middleware).
No. Unlike Cloudflare or Sucuri, ZeroBot is an API call from your server. Nothing about your DNS, SSL, or CDN has to change.
By default we fail open — visitors are allowed through and the incident is logged. You can switch to fail-closed if you prefer strict security.
No. We use IPs and user agents for classification only, we don't sell data, and we don't run ad tracking. Cross-client threat intelligence is anonymized (only IP reputation scores are shared, never visitor identity).
Yes. Paid plans are month-to-month, cancellable from the dashboard. No annual contracts, no cancellation fees.
The WordPress plugin auto-exempts WooCommerce Store API routes, WPML admin paths, and other common plugin endpoints. You can add custom exempt routes from the settings page.